CVE-2020-7789 MEDIUM

CVE-2020-7789: Command Injection

Vendor N/A
Product node-notifier
Published December 11, 2020
Last update September 16, 2024

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

Key dates

02Disclosure timeline

December 11, 2020 CVE published
September 16, 2024 Record updated